dependency-upgrade - SKILL.md Agent Skill

name: dependency-upgrade description: Upgrade project dependencies safely by inspecting manifests, lockfiles, changelogs, breaking changes, tests, and generated artifacts. Use when asked to update packages, bump frameworks, address dependency vulnerabilities, refresh lockfiles, or modernize SDK versions.

Use this skill to upgrade dependencies without turning the repo into an uncontrolled migration.

Identify package managers, manifests, lockfiles, runtime versions, and workspace structure.
Inspect current dependency versions, direct versus transitive dependencies, and existing update conventions.
Choose the smallest useful update set: one dependency, one ecosystem group, security patch group, or framework upgrade.
Check release notes, changelogs, migration guides, and deprecations for breaking changes.
Update manifests and lockfiles with the repo's package manager.
Fix compile, lint, type, or test failures caused by the upgrade.
Run focused tests plus the package manager's integrity checks.
Document behavior changes, migration notes, and follow-up work when relevant.

Lockfiles match manifests.
Generated files are included only when the repo tracks them.
Runtime and engine constraints still match CI and docs.
Security fixes do not silently introduce major version changes unless requested.
Deprecation warnings are handled or recorded.

Summarize upgraded packages, version changes, breaking-change review, files changed, verification commands, and remaining risk.